Use ca-certificates as target path

2023-07-11 13:01:09 +02:00
parent 590eb5c54c
commit 74743829f7


@@ -33,8 +33,8 @@ function ERROR {
###########################################################
PATHCRL=/etc/CertsAndKeys
CRL=(UniHGW-CRL.pem GEANT-RSA-CRL.pem GEANT-ECC-CRL.pem)
PATHCRL=/usr/local/share/ca-certificates
CRL=(UniHGW-CRL GEANT-RSA-CRL GEANT-ECC-CRL)
PATHSSL=/etc/ssl/certs
LASTRUN=/var/lib/runtime/$(basename "$0" .sh).lastrun
ERR=0
@@ -49,52 +49,42 @@ fi
for CRL in "${CRL[@]}"
do
URLCRL=https://cacher.rz.uni-greifswald.de/$CRL
URLCRL=https://cacher.rz.uni-greifswald.de/$CRL.pem
# Download CRL
if ! /usr/bin/timeout 5s wget -q -O /tmp/"$CRL" "$URLCRL"; then
if ! /usr/bin/timeout 5s wget -q -O "/tmp/$CRL.pem" "$URLCRL"; then
ERROR "Could not download $CRL!"
ERR=1
continue
fi
# Verify CRL
if ! /usr/bin/openssl crl -CApath "$PATHSSL" -in /tmp/"$CRL" -noout > /dev/null 2>&1; then
if ! /usr/bin/openssl crl -CApath "$PATHSSL" -in "/tmp/$CRL.pem" -noout > /dev/null 2>&1; then
ERROR "Could not verify $CRL against $PATHSSL!"
ERR=1
rm -f /tmp/"$CRL"
rm -f "/tmp/$CRL.pem"
continue
fi
# Check CRL validity
CRLDATETIME=$(openssl crl -in /tmp/"$CRL" -nextupdate -noout | sed 's/nextUpdate=//g')
CRLDATETIME=$(openssl crl -in "/tmp/$CRL.pem" -nextupdate -noout | sed 's/nextUpdate=//g')
VALIDUNTIL=$(date -d "$CRLDATETIME" +%s)
if [[ "$VALIDUNTIL" -lt $(date +%s) ]]; then
ERROR "$CRL is invalid!"
ERR=1
rm -f /tmp/"$CRL"
rm -f "/tmp/$CRL.pem"
continue
fi
# Move CRL to final destination path
if ! mv -f /tmp/"$CRL" "$PATHCRL"/"$CRL"; then
if ! mv -f "/tmp/$CRL.pem" "$PATHCRL/$CRL.crt"; then
ERROR "Could not move CRL to $PATHCRL!"
ERR=1
rm -f /tmp/"$CRL"
rm -f "/tmp/$CRL.pem"
continue
fi
# Link CRL
if [[ ! -L "$PATHSSL"/"$CRL" ]]; then
if ! ln -s "$PATHCRL"/"$CRL" "$PATHSSL"/"$CRL"; then
ERROR "Could not create CRL link to $PATHSSL!"
ERR=1
rm -f "$PATHCRL"/"$CRL" "$PATHSSL"/"$CRL"
continue
fi
fi
INFO "$CRL successfully updated"
done
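Review bot: The `mv` line now stores the CRL as `"$PATHCRL/$CRL.crt"`, yet nothing in this hunk runs `update-ca-certificates`, which is the tool that turns a `.crt` under `/usr/local/share/ca-certificates` into a link and hash entry under `$PATHSSL`. With the old `ln -s` block apparently dropped, the `-CApath "$PATHSSL"` verification on the next run may never see the refreshed CRL unless that tool is invoked elsewhere, so either add a call after the loop, e.g. `update-ca-certificates >/dev/null || { ERROR "update-ca-certificates failed"; ERR=1; }`, or leave a comment naming where the refresh happens. Note also that Debian's `update-ca-certificates` appends every local `.crt` to the `ca-certificates.crt` bundle, so a CRL stored under that suffix also lands inside the system CA bundle, which not every TLS consumer tolerates — worth a comment if that side effect is intended. The staging path `/tmp/$CRL.pem` is a predictable name in a shared directory that `wget -O` and `mv -f` will follow if a symlink already sits there; `tmp=$(mktemp) || { ERROR "mktemp failed"; ERR=1; continue; }` with `"$tmp"` used in place of `/tmp/$CRL.pem` keeps the download private to the script. The loop's `done` is the last line visible, so anything after the loop is outside the hunk.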